Re: help with data recovery from injected UPDATE

From: "Chris Spotts" <rfusca(at)gmail(dot)com>
To: "'Scott Marlowe'" <scott(dot)marlowe(at)gmail(dot)com>
Cc: "'Gus Gutoski'" <shared(dot)entanglement(at)gmail(dot)com>, <pgsql-general(at)postgresql(dot)org>
Subject: Re: help with data recovery from injected UPDATE
Date: 2009-06-12 12:57:11
Message-ID: 000d01c9eb5d$4e193310$ea4b9930$@com
Lists: pgsql-general

> >> It's a classic story.  I'm volunteering about one day per month for
> >> this project, learning SQL as I go.  Priority was always given to the
> >> "get it working" tasks and never the "make it safe" tasks.  I had/have
> >> grandiose plans to rewrite the whole system properly after I graduate.
> >> Unfortunately, the inevitable corruption didn't wait that long.
> > As you're learning, it sounds like parametrized queries might have saved you
> > from the sql injection that caused this.
>
> Very true, and always a good idea. However, OP's true failure here is
> on the backup front. Without recent, reliable backups, on another
> machine / media / datacenter etc. is the only way your data can be
> truly safe.
[Spotts, Christopher]
Oh absolutely. Regardless of anything you do on the functional aspect, you'd
still need backups. I was just saying that if you're eventually going to
redesign (like mentioned), a nudge towards parameterized queries doesn't
hurt.
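
The difference the thread is pointing at, as an added example that is not part of the original email: the same UPDATE built by string concatenation and with bound parameters, run against the same input. The `members` table, the function names and the input value are constructed for illustration, and Python's built-in `sqlite3` stands in for PostgreSQL so the block runs offline.

```python
import sqlite3

# Constructed input: a "name" whose quote closes the SQL string literal early.
HOSTILE_NAME = "nobody' OR '1'='1"
MARKER = "overwritten@example.invalid"

def make_db():
    """Build a constructed three-row table (sqlite3 stands in for PostgreSQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO members (name, email) VALUES (?, ?)",
                   [("alice", "alice@example.org"),
                    ("bob", "bob@example.org"),
                    ("carol", "carol@example.org")])
    db.commit()
    return db

def update_email_concat(db, name, new_email):
    """Vulnerable 'before': user input becomes part of the SQL text itself."""
    sql = "UPDATE members SET email = '%s' WHERE name = '%s'" % (new_email, name)
    cur = db.execute(sql)
    db.commit()
    return cur.rowcount

def update_email_param(db, name, new_email):
    """Parameterized: values are bound separately and never parsed as SQL.
    sqlite3 uses ? placeholders; PostgreSQL drivers such as psycopg2 use %s."""
    cur = db.execute("UPDATE members SET email = ? WHERE name = ?", (new_email, name))
    db.commit()
    return cur.rowcount

def overwritten(db):
    """Count rows whose email was replaced by the marker value."""
    return db.execute("SELECT count(*) FROM members WHERE email = ?",
                      (MARKER,)).fetchone()[0]

def demo():
    """Run both variants on fresh copies of the table and report the damage."""
    db_concat, db_param = make_db(), make_db()
    return {
        "concat_rows": update_email_concat(db_concat, HOSTILE_NAME, MARKER),
        "concat_overwritten": overwritten(db_concat),
        "param_rows": update_email_param(db_param, HOSTILE_NAME, MARKER),
        "param_overwritten": overwritten(db_param),
    }

if __name__ == "__main__":
    print(demo())
```

In the concatenated form the WHERE clause ends up matching every row, so the whole table is rewritten; with bound parameters the same input is compared as a literal name and matches nothing.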
